The above applications relate generally to comprehensive security around the sharing of digital information in a networked environment where end to end security, reporting, and compliance are necessary in order to counter threats to data and privacy and to meet regulatory and compliance reporting needs. The present invention represents one example of the implementation of a Secure Business Service (the Secure Digital Courier) allowing for the transfer of data and files between a wide range of participants over a virtual service connection (VSC) on a service oriented network (SON; referred to in previous art as SSN and SMFSN). A core feature of the solution is the ability to create public and private communities of shared secure business services over any IP network. The advantages of such a solution have been described in prior art referenced herein as a Secure Service Network (SSN). The focus of this application is the unique process, security, governance, enrollment, invitation, and service model around a secure digital courier service that is universal in its application and provides a level of integrated security, reporting, management, governance, self enrollment, and logging not presently available.
The solution of the invention allows for the creation of private, trusted, and secure service communities over any physical IP network topology, where participant control and end to end reporting, billing, and audit are provided for all activity on the network. This includes the internet and wired and wireless networks, as well as large private and public networks. The ability to create an end to end secure virtual service connection for each and every service, specific to its participants, is a unique feature of the invention. In combination with the series of governance models described in previous art and incorporated herein by reference, this enables the creation of secure and private participant service communities over any IP network.
The ability to share information in a secure, timely, and cost effective manner has become the life blood of nearly every commercial business and government entity. Networks, including the internet and wireless networks, with their combination of low cost of entry, universal connectivity, and participant flexibility, have dramatically changed the way the world conducts business. As dependence on these networks grows and the number of participants and applications continues to increase, so does the impact of security breaches and malicious activity.
The proliferation of email, office applications, tablet PCs, PDAs, scanners, RFID systems, the internet, wireless networks, and large private corporate networks makes it possible to capture information in digital form and move it from point to point almost instantly. Unfortunately, the networks and applications created to perform this broad and far reaching distribution have focused mainly on convenience at the expense of other critical qualities. As an example, the internet and large private networks make it possible to move a document or file from one location to another in a matter of seconds. However, major gaps in security, privacy, and the ability to ensure authenticity limit the value of this resource in markets where these properties are required. Despite these weaknesses, the use of the internet and large private networks continues to grow at a remarkable rate, and the infrastructure needed to move information in a secure, auditable, and reliable digital format is struggling to keep pace.
As businesses and economies transition to a digital world, there is a rising need for a comprehensive secure business offering that replicates and expands on the key features of the traditional hard copy document courier or registered mail in the digital world. We have become accustomed to email, instant messaging, FTP, and many other networked conveniences. Many users do not understand that the information carried by these communication vehicles has limited or no security wrapped around it. Those who do understand it either continue to use physical documents and couriers, or willingly assume the risk by placing disclaimers and confidentiality notices on email messages in the belief that this provides some level of protection. The physical approach is not only time consuming but expensive, inconvenient, and out of place in today's digital world. The result is that, whether the need is over an internal private network or over the internet, the problem of addressing digital document security and authenticity in a simple, comprehensive manner remains. Today, email (using SMTP) over an untrusted network, and other common forms of file and message transfer, cannot guarantee the authenticity of a document, its privacy between sender and receiver, or that it was actually received by the intended recipient.
The current security market has a significant separation created by the differing roles and capabilities of network equipment makers, network transport providers, and application providers. The result is a fragmented and piecemeal approach to comprehensive security in a networked world. The network perimeter security model is only as strong as its weakest on-ramp, has no knowledge of the user or context, and has no knowledge of the applications. The applications connected to a network have limited knowledge of the network, and each implements components of security in its own form. Security across networked solutions is therefore fragmented and piecemeal, and the risk increases with the number of users or applications on the network.
The solution of the invention is the first offering that bridges the security gap created by this market separation by providing a comprehensive security model for networked applications and users as a function of the network itself. As a result, all traffic on the service network inherits a comprehensive security, provisioning, and compliance reporting model. A unique feature of the invention is that all applications and web services running over an SSN inherit this security model with no changes to the existing applications and web services. This allows rapid adoption and integration with existing investments, and eliminates the need for, and the risk of, building security into each application and service, an approach in which the network is only as secure as its weakest application, web service, or on-ramp. The market result of that fragmented approach has been the creation of large private dedicated networks or application specific networks where one entity maintains absolute control over the network and application, or, in the case of secure internet applications, security that is inconsistently implemented in each and every application. The impact has been massive security challenges and public compromises of sensitive data.
Currently there is no integrated security solution that bridges this gap and addresses all of the elements of security needed to enter into and enforce a basic business contract around the integrity of information shared in digital form. The basic elements needed to provide comprehensive end to end security are:
a) Authentication: I must know all participants that I am doing business with (specifically, strong mutual and multi-factor authentication);
b) Authorization: I know that the participants I am interacting with are authorized for the specific activity they are requesting;
c) End to end encryption: the information being exchanged is protected in such a way that it is viewable only by the authenticated and authorized participants. This includes transport level encryption as well as payload encryption, so that the data remains protected and private while at rest on any device;
d) Privacy: a participant's activity or existence is kept private from other participants not authorized to have that knowledge, and any data exchanged is kept private to the authorized participants;
e) End to end audit: all activity is tracked to the user and activity level (the service on the network) and a record of the activity is kept (who did what to whom, and when);
f) Reporting: data is collected and reported in the manner needed for SLA enforcement, billing, dispute resolution, activity review, real time management, and operational provisioning and planning; and
g) Non-repudiation: evidence that an activity happened and that it is unique to the participants. This assures the integrity and authenticity of an action or activity among the group of participants that are parties to it.
Some common approaches for moving digital information today, and their limitations, are highlighted below. Create a PDF document: many businesses and legal firms create PDF documents so that they can control changes to a document that has been distributed to others. This does little or nothing to protect the content in transit or at rest, cannot assure that the document was delivered, and cannot provide an audit trail showing that the item was sent from one person to another under strong mutual authentication.
Zip the files into a password protected Zip file: while this provides some limited content privacy, it gives no assurance that the payload has not been tampered with, that it actually came from the sender, or that the document reached the recipient, and it requires the password to be sent to the recipient, often over the same medium and unprotected. There is also no audit trail showing that the item was sent from one person to another, and no use of strong authentication.
SSL based file transfer services: only protect the payload in transit. They do nothing to protect the content so that only the recipient can open, read, or alter it, and they do not provide an end to end audit trail for the distribution of the document. In addition, strong mutual authentication of the participants is not common and there is no support for recipient specific encryption.
Secure email: can take many forms and usually requires the same email package for all users. It typically cannot provide a defensible audit trail over an unprotected transport, nor can it protect the payload so that only the recipient can open, read, and alter it. It also typically has attachment type and size limits and is not firewall friendly.
Secure FTP: typically uses SSL to encrypt the transmission of files using the traditional FTP method. It has limited traceability and the same limitations as the SSL file transfer approach, and it does not implement strong mutual authentication of all parties to the transfer or the other components of comprehensive end to end security.
Email attachments: do nothing to protect the file. Limits on attachment size and type often restrict use through corporate firewalls and email servers. The payload is open to viewing by anyone who can see the data packets on the network. Using SSL for transport encryption still does not fulfill the need for recipient specific encryption in support of end to end non-repudiation for high value transfers.
Email attachments with encryption: protect the payload but do not use an SSL connection for transmission of the data. As a result, the parts of the exchange other than the attachment itself (who is sending what to whom, and the handling around it) are not secured, creating opportunities to compromise the protected portion of the activity. This approach also does not provide privacy protection for the parties to the transaction.
Instant message file transfer: sends the file in the clear and does not support recipient specific encryption. It also has file size limitations and, if encrypted, suffers from the same limitations as the SSL file transfer approach.
There are several solutions in the market today that provide an encrypted file transfer service using SSL. However, none of them can encrypt the document in a manner that guarantees who it is from and that its content has not been tampered with, protects the document when not in transit (at rest), and ensures that it can only be opened and viewed by the recipient. Nor do these SSL approaches leverage a PKI infrastructure for mutual authentication as a requirement for establishing the SSL session. Secure email packages are emerging in the market, but they still do not have the secure and far reaching capabilities of the Secure Digital Courier subscription model outlined in this document. These solutions focus on SSL encryption for the movement of the message, are limited in the size of the documents they can move, and do not perform automated encryption and security at multiple levels specific to the recipient or the participants in the transaction.
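As an added illustration, not code from this application or from any Secure Digital Courier implementation, the following Go program shows what the property the alternatives above lack looks like when the elements listed earlier (end to end encryption including payload encryption, and non-repudiation) are combined: the sender signs the payload and then encrypts both signature and payload to the recipient's public key, so the item stays protected at rest on any device, only the recipient can open it, and the recipient can verify which enrolled sender produced it. The key material is generated in-process as constructed sample data; in the service it would come from participant enrollment. The algorithm choices (X25519 ephemeral-static key agreement, AES-256-GCM, Ed25519) and the SHA-256 based key derivation are assumptions made for this example, not something the application specifies; a production design would use HKDF with a protocol label.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the sealed form of one courier item. A third party sees only a
// fresh ephemeral public key and a nonce; the sender's signature and the
// payload are both inside the AEAD ciphertext.
type Envelope struct {
	EphemeralPub []byte // 32-byte X25519 public key, fresh per item
	Nonce        []byte // 12-byte AES-GCM nonce
	Ciphertext   []byte // AES-256-GCM over (ed25519 signature || payload)
}

// deriveKey turns the X25519 shared secret into a 32-byte AES-256 key.
// A labelled SHA-256 over the secret and both public keys is an assumption
// made for brevity here; use HKDF in a real deployment.
func deriveKey(shared, ephPub, recipPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("secure-digital-courier-example-v1"))
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipPub)
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal signs payload with the sender's key, then encrypts signature and
// payload to the recipient's X25519 public key (sign-then-encrypt, so the
// signature is not visible in transit or at rest).
func Seal(senderPriv ed25519.PrivateKey, recipPub *ecdh.PublicKey, payload []byte) (*Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipPub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, err := newGCM(deriveKey(shared, ephPub, recipPub.Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sig := ed25519.Sign(senderPriv, payload)
	plain := append(append([]byte{}, sig...), payload...)
	// The ephemeral key is bound in as associated data so it cannot be
	// swapped for another without the AEAD tag failing.
	ct := aead.Seal(nil, nonce, plain, ephPub)
	return &Envelope{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is run by the recipient: decrypt with its own X25519 private key, then
// verify the inner signature against the sender key it already trusts for
// that enrolled participant. Every failure is returned as an error.
func Open(recipPriv *ecdh.PrivateKey, senderPub ed25519.PublicKey, env *Envelope) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := recipPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(deriveKey(shared, env.EphemeralPub, recipPriv.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	plain, err := aead.Open(nil, env.Nonce, env.Ciphertext, env.EphemeralPub)
	if err != nil {
		return nil, errors.New("envelope rejected: not encrypted to this recipient, or modified")
	}
	if len(plain) < ed25519.SignatureSize {
		return nil, errors.New("envelope rejected: truncated")
	}
	sig, payload := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	if !ed25519.Verify(senderPub, payload, sig) {
		return nil, errors.New("envelope rejected: signature does not match the enrolled sender")
	}
	return payload, nil
}

func main() {
	// Constructed keys and payload; in the service these come from enrollment.
	senderPub, senderPriv, _ := ed25519.GenerateKey(rand.Reader)
	recipPriv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	otherPriv, _ := ecdh.X25519().GenerateKey(rand.Reader)

	doc := []byte("Contract v3 (constructed sample payload)")
	env, err := Seal(senderPriv, recipPriv.PublicKey(), doc)
	if err != nil {
		panic(err)
	}
	got, err := Open(recipPriv, senderPub, env)
	fmt.Println("intended recipient opens and verifies:", err == nil && bytes.Equal(got, doc))
	_, err = Open(otherPriv, senderPub, env)
	fmt.Println("another participant:", err)
}
```

Seal and Open are the two halves of the exchange. Note what a relay or a storage device holding the envelope learns: a one-time key, a nonce, and an opaque ciphertext, and nothing about the sender. The remaining elements in the list above (a signed receipt from the recipient and the audit record of who sent what to whom) sit on top of this envelope rather than inside it.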
In summary, the SDC service addresses the limitations of the alternatives in the market and offers:
a) a unique process model around private invitation enrollment with strong authentication and verification;
b) integrated reporting, SLA management, and activity notifications;
c) receipt verification, including the status of digital signature verification and recipient specific encryption verification;
d) comprehensive security around all interactions with the solution, and the ability to support private, public, and interest specific secure communities;
e) enrollment acceptance notification; and
f) function specific secure network connections, defined as Virtual Service Connections, where an encrypted VPN is created specific to each service and its provisioning to participants.
The invention is described more fully in the following description of the embodiments, considered in view of the drawings, in which: